cryptolocker | 58cbb88d66fa9414dea87d5f801e34c0bffe1a1dadf5d579ecd57b22b0806f97 | Triage

Sharing

General

Target

58cbb88d66fa9414dea87d5f801e34c0bffe1a1dadf5d579ecd57b22b0806f97
Size

390KB
Sample

240330-yhkb8adg27
MD5

0d0777308a101c3f1c581456edf1430e
SHA1

cd291eb3a623d22cf5e1dffa074c25ee6faf1f2a
SHA256

58cbb88d66fa9414dea87d5f801e34c0bffe1a1dadf5d579ecd57b22b0806f97
SHA512

53658701ecd98b88f37951fd8d289f96e99a06b0dee673d10fd49fdd9d2b61d536df41cfa77f386a389709e9f5add9e88378a05b8f3baf834955c0fae3739c48
SSDEEP

6144:EWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvCcVEpSkg:EWkEuCaNT85I2vCMX5l+ZRvnVEpw

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Targets

- Target
  
  58cbb88d66fa9414dea87d5f801e34c0bffe1a1dadf5d579ecd57b22b0806f97
- Size
  
  390KB
- MD5
  
  0d0777308a101c3f1c581456edf1430e
- SHA1
  
  cd291eb3a623d22cf5e1dffa074c25ee6faf1f2a
- SHA256
  
  58cbb88d66fa9414dea87d5f801e34c0bffe1a1dadf5d579ecd57b22b0806f97
- SHA512
  
  53658701ecd98b88f37951fd8d289f96e99a06b0dee673d10fd49fdd9d2b61d536df41cfa77f386a389709e9f5add9e88378a05b8f3baf834955c0fae3739c48
- SSDEEP
  
  6144:EWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvCcVEpSkg:EWkEuCaNT85I2vCMX5l+ZRvnVEpw
Score

10^/10

cryptolocker persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cryptolockerpersistenceransomware

behavioral2

cryptolockerpersistenceransomware